Unverified Commit 76ffe48f authored by Aki Braun's avatar Aki Braun
Browse files

update final normative cruptography references

parent be0d2571
Loading
Loading
Loading
Loading
+2 −0
Original line number Diff line number Diff line
@@ -136,6 +136,8 @@ The following referenced documents are necessary for the application of the pres

<span id="_ref_12"></span><a name="_ref_12">[12]</a> C2SP [BLAKE3](https://c2sp.org/BLAKE3): "The BLAKE3 Hashing Framework"

<span id="_ref_13"></span><a name="_ref_13">[13]</a> IETF [RFC-AEGIS](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/): "The AEGIS Family of Authenticated Encryption Algorithms" 

## 2.2 Informative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non‑specific references, the latest version of the referenced document (including any amendments) applies.
+17 −17
Original line number Diff line number Diff line
@@ -265,7 +265,7 @@ Table K.3.2 lists the ACM-extended cryptographic mechanisms specified by the pre
**Table K.3.2: ACM-extended cryptographic mechanisms**

| ACM-extended cryptographic mechanism | Type of cryptographic mechanism | Characteristics / parameters | Related product function(s) / use case(s), where applicable | Cryptographic properties | Specification / reference                                                                                                  | Conditions or limitations, where applicable |
| :---- | :---- |:----| :---- | :---- |:----| :---- |
| :---- | :---- |:----| :---- | :---- |:---------------------------------------------------------------------------------------------------------------------------| :---- |
| Curve25519 | Primitive | \- | \- | Confidentiality, Authentication, Key Establishment | RFC 7748 [\[3\]](#_ref_3)                                                                                                  |  |
| X25519 | Primitive | 256 bit | TLS, IPC, VPN protocols, key agreement | Key establishment | RFC 7748 [\[3\]](#_ref_3)                                                                                                  |  |
| Ed25519 | Primitive | 256 bit | Package Signature, TLS, IPC,  VPN protocols, data signature | Authentication | RFC 8032 [\[4\]](#_ref_4), FIPS 186-5 [\[5\]](#_ref_5)                                                                     |  |
@@ -275,9 +275,9 @@ Table K.3.2 lists the ACM-extended cryptographic mechanisms specified by the pre
| Argon2 | Algorithm | Refer to 4\. Parameter Choice in RFC 9106 [\[6\]](#_ref_6) and the ACN’s guidance.<br />Argon2id, Argon2i, Argon2d | Password-based hashing, Key derivation | Cryptographic hashing, Integrity, Authentication | RFC 9106 [\[6\]](#_ref_6), BSI-TR-02102-1 [\[7\]](#_ref_7), [ACN](https://www.acn.gov.it/portale/en/crittografia)          |  |
| scrypt  | Algorithm | Refer to 2\. scrypt Parameters in RFC 7914 [\[8\]](#_ref_8) and the ACN’s guidance. | Password-based hashing,Key derivation | Cryptographic hashing, Integrity, Authentication | RFC 7914 [\[8\]](#_ref_8), [ACN](https://www.acn.gov.it/portale/en/crittografia)                                           |  |
| ChaCha20 | Algorithm | Key: 256 bit Nonce: 96bit or 192bit (XChaCha), | TLS, data encryption,  VPN protocols | confidentiality | RFC 8439 [\[9\]](#_ref_9)                                                                                                  |  |
| Salsa20 | Algorithm | Key: 256 bit Nonce: 64 bit, 192bit (XSalsa20) | data encryption,  VPN protocols  | confidentiality | [SALSA20](https://cr.yp.to/snuffle/spec.pdf) | 20 rounds |
| Salsa20 | Algorithm | Key: 256 bit Nonce: 64 bit, 192bit (XSalsa20) | data encryption,  VPN protocols  | confidentiality | RFC 8439 [\[9\]](#_ref_9)                                                                                                  | 20 rounds |
| Poly1305 | Algorithm | 256 bit | MAC, VPN protocols | Authentication, Integrity | RFC 8439 [\[9\]](#_ref_9)                                                                                                  |  |
| AEGIS | Algorithm | 256 bit, 128 bit<br />AEGIS-128, AEGIS-128L, AEGIS-256, AEGIS-256X | Authenticated data encryption, VPN protocols  | Authentication, confidentiality, integrity | [RFC-AEGIS](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/), [AEGIS](https://competitions.cr.yp.to/round3/aegisv11.pdf) |  |
| AEGIS | Algorithm | 256 bit, 128 bit<br />AEGIS-128, AEGIS-128L, AEGIS-256, AEGIS-256X | Authenticated data encryption, VPN protocols  | Authentication, confidentiality, integrity | RFC-AEGIS [\[13\]](#_ref_13)                                                                                               |  |
| Blake2 | Algorithm | Blake2s, Blake2b | Key derivation, Generic hashing, MAC | Authentication, integrity | RFC 7693 [\[10\]](#_ref_10), NIST IR 7896                                                                                  |  |
| Blake3 | Algorithm | | Key derivation, Generic hashing, MAC | Authentication, integrity | BLAKE3 [\[12\]](#_ref_12), [C2SP](https://github.com/C2SP/C2SP)                                                            |  |
| UMAC | Algorithm | 128 bit | MAC | Authentication, Integrity | RFC 4418 [\[11\]](#_ref_11)                                                                                                |  |